CVE-2012-0818 — Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy

Description

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

How to fix CVE-2012-0818

To remediate CVE-2012-0818, upgrade the affected package to a fixed version below.

Maven/org.jboss.resteasy:resteasy-client—upgrade to 2.3.1 or later

Is CVE-2012-0818 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.3.1

References (29)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-0818
PATCHgithub.com/resteasy/Resteasy
WEBrhn.redhat.com/errata/RHSA-2012-0441.html
WEBrhn.redhat.com/errata/RHSA-2012-0519.html
WEBrhn.redhat.com